Implications of using insecure memory

Johan Wevers johanw at
Tue Oct 5 04:28:44 CEST 2004

Atom 'Smasher' wrote:

>supplying a password to *any* application being run on a box that isn't 
>under your direct administrative and physical control is a risk, and 
>shouldn't be overlooked. however, it pales in comparison to using pgp/gpg 
>on windows.

Well, I would feel more secure entering a password on my machine, which I
have under physical control, when it has booted windows than when I would
do it on a Linux machine who someone else controls. Of course, the fact that
it uses a NAT router and firewall to enter the internet that has standard
all ports from outside to inside closed helps. I have only set port 80
explicitly open, and since the windows 2000 or 98 don't run webservers
it won't be of much use for an attacker.

ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at   //
PGP/GPG public keys at

More information about the Gnupg-users mailing list